OAuth 2.0 Identity and Access Management Patterns
Martin Spasovski
- 出版商: Packt Publishing
- 出版日期: 2013-11-28
- 售價: $1,510
- 貴賓價: 9.5 折 $1,435
- 語言: 英文
- 頁數: 128
- 裝訂: Paperback
- ISBN: 1783285591
- ISBN-13: 9781783285594
海外代購書籍(需單獨結帳)
相關主題
商品描述
Want to learn the world’s most widely used authorization framework? This tutorial will have you implementing secure Oauth 2.0 grant flows without delay. Written for practical application and clear instruction, it’s the complete guide.
Overview
- Build web, client-side, desktop, and server-side secure OAuth 2.0 client applications by utilizing the appropriate grant flow for the given scenario
- Get to know the inner workings of OAuth 2.0 and learn how to handle and implement various authorization flows
- Explore practical code examples that are executable as standalone applications running on top of Spring MVC
In Detail
OAuth 2.0 has become the most widely used authorization framework. It provides an easy-to-use sign-in mechanism and allows users to quickly and efficiently secure service APIs. It also provides a protection layer for assets so that various third-party applications cannot have direct access to them. From service providers like Amazon and social media platforms like Facebook and Twitter to various internal enterprise solutions, OAuth 2.0 is the preferred standard for authorization.
OAuth 2.0 Identity and Access Management Patterns is a step-by-step guide to build web, client-side, desktop, and server-side secure OAuth 2.0 client applications by utilizing the appropriate authorization techniques.. This book will help you handle and implement various authorization flows for your chosen type of application. Furthermore, you will understand when and how OAuth 2.0 is used in enterprises for trusted and first-party applications. You will gain knowledge about the Resource Owner Password Credentials grant and the Client Credentials grant, and more importantly, you will understand how to implement them yourself with the help of practical code examples.
You will start by making various client applications step-by-step before moving on to client registration and implementing various OAuth 2.0 authorization flows. Furthermore, you will also be handling server responses with access tokens and errors. By the end of this book, you should understand precisely what it takes for these client applications to be secured.
This book helps you cover each type of application: web, client-side, desktop, and trusted applications. In addition, you are also shown how to implement various authorization grant flows for each of these applications. You will uncover the security features that are a part of OAuth 2.0. More importantly, the book demonstrates what information is transmitted during the execution of a flow, and which precautions can be made. With OAuth 2.0 Identity and Access Management Patterns, you will be able to build a secure OAuth 2.0 client application with full confidence and will completely understand what data is exchanged when performing an authorization grant flow.
What you will learn from this book
- Master the meaning of key terms used and defined in the OAuth 2.0 specification
- Create OAuth 2.0 web applications and learn the Authorization Code grant
- Generate client-side OAuth 2.0 applications and learn the Implicit grant
- Design OAuth 2.0 mobile applications with the Implicit and Authorization Code grants
- Develop trusted OAuth 2.0 applications and learn the Resource Owner Password Credentials grant and the Client Credentials grant
- Understand which security features OAuth 2.0 contains, what information is to be protected, and what precautions should be put in place
- Explore the basics of SAML 2.0 Assertions and how to use them as a means of additional security
- Know which tools and libraries are available for faster development
商品描述(中文翻譯)
想學習全球最廣泛使用的授權框架嗎?這個教程將讓您迅速實現安全的 OAuth 2.0 授權流程。這本書針對實際應用和清晰指導而撰寫,是一本完整的指南。
概述
- 利用適當的授權流程,構建網頁、客戶端、桌面和伺服器端的安全 OAuth 2.0 客戶端應用程式
- 了解 OAuth 2.0 的內部運作,學習如何處理和實現各種授權流程
- 探索可作為獨立應用程式執行的實用程式碼範例,這些範例運行在 Spring MVC 之上
詳細內容
OAuth 2.0 已成為最廣泛使用的授權框架。它提供了一個易於使用的登入機制,並允許用戶快速有效地保護服務 API。它還為資產提供了一層保護,以防止各種第三方應用程式直接訪問這些資產。從像 Amazon 這樣的服務提供商到 Facebook 和 Twitter 等社交媒體平台,再到各種內部企業解決方案,OAuth 2.0 是授權的首選標準。
《OAuth 2.0 身份與存取管理模式》是一本逐步指南,幫助您利用適當的授權技術構建網頁、客戶端、桌面和伺服器端的安全 OAuth 2.0 客戶端應用程式。本書將幫助您處理和實現所選應用程式類型的各種授權流程。此外,您將了解 OAuth 2.0 在企業中如何用於受信任的第一方應用程式,以及何時和如何使用。您將獲得有關資源擁有者密碼憑證授權和客戶端憑證授權的知識,更重要的是,您將了解如何通過實用的程式碼範例自行實現這些授權流程。
您將從逐步製作各種客戶端應用程式開始,然後進入客戶端註冊和實現各種 OAuth 2.0 授權流程。此外,您還將處理帶有存取令牌和錯誤的伺服器回應。在本書結束時,您應該能夠準確理解這些客戶端應用程式需要哪些安全措施。
本書幫助您涵蓋每種類型的應用程式:網頁、客戶端、桌面和受信任的應用程式。此外,您還將學習如何為這些應用程式實現各種授權授權流程。您將揭示 OAuth 2.0 的安全功能。更重要的是,本書展示了在執行授權流程時傳輸了哪些資訊,以及可以採取哪些預防措施。通過《OAuth 2.0 身份與存取管理模式》,您將能夠自信地構建安全的 OAuth 2.0 客戶端應用程式,並完全理解在執行授權授權流程時交換了哪些數據。
您將從本書中學到的內容
- 掌握 OAuth 2.0 規範中使用和定義的關鍵術語的含義
- 創建 OAuth 2.0 網頁應用程式並學習授權碼授權
- 生成客戶端 OAuth 2.0 應用程式並學習隱式授權
- 設計使用隱式和授權碼授權的 OAuth 2.0 行動應用程式
- 開發受信任的 OAuth 2.0 應用程式,並學習資源擁有者密碼憑證授權和客戶端憑證授權
- 了解 OAuth 2.0 包含哪些安全功能,哪些資訊需要保護,以及應採取哪些預防措施
- 探索 SAML 2.0 聲明的基本知識及其作為額外安全手段的使用方式
- 知道有哪些工具和庫可用於加速開發